(Classic ASP) Get a .pfx/.p12 Safe Bag Attribute

Demonstrates how to get the value of a private key or certificate safe bag attribute. Safe bag attributes are associated with a key or certificate. They are attributes stored in the .p12/.pfx alongside a key or certificate.

Note: This example requires Chilkat v11.0.0 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

set pfx = Server.CreateObject("Chilkat.Pfx")

success = pfx.LoadPfxFile("qa_data/pfx/test_ecdsa_secret.pfx","secret")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( pfx.LastErrorText) & "</pre>"
    Response.End
End If

set json = Server.CreateObject("Chilkat.JsonObject")
pfx.GetLastJsonData json

json.EmitCompact = 0
Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>"

' The last JSON data provides information about the what is contained in the PFX.  It was collected in the call to LoadPfxFile.
' For example:

' {
'   "authenticatedSafe": {
'     "contentInfo": [
'       {
'         "type": "Data",
'         "safeBag": [
'           {
'             "type": "pkcs8ShroudedKeyBag",
'             "attrs": {
'               "localKeyId": "16777216",
'               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
'               "msStorageProvider": "Microsoft Software Key Storage Provider"
'             }
'           }
'         ]
'       },
'       {
'         "type": "EncryptedData",
'         "safeBag": [
'           {
'             "type": "certBag",
'             "attrs": {
'               "localKeyId": "16777216"
'             },
'             "subject": "EE",
'             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
'           },
'           {
'             "type": "certBag",
'             "subject": "CA",
'             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
'           }
'         ]
'       }
'     ]
'   }
' }

' Use this online tool to generate parsing code from sample JSON: 
' Generate Parsing Code from JSON

' In the above JSON, we can see the .pfx contains one private key (a pkcs8ShroudedKeyBag) and two certificates (each in a certBag).
' The certificates in a .pfx/.p12 are typicaly a single certificate with associated private key, along with the other certificates
' in the chain of authentication.

' We can see that the private key has 3 safebag attributes: localKeyId, keyContainerName, and msStorageProvider.
' The certificate associated with the private key contains one safebag attribute: localKeyId.
' Notice the localKeyId is the same.  The localKeyId helps associate the private key that corresponds to the given certificate.

' Let's demonstrate the GetSafeBagAttr method:

' Get each of the private key safebag attributes:
getPrivateKeyAttr = 1
privateKeyIdx = 0
Response.Write "<pre>" & Server.HTMLEncode( "---- private key safebag attributes ----") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( pfx.GetSafeBagAttr(getPrivateKeyAttr,privateKeyIdx,"localKeyId")) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( pfx.GetSafeBagAttr(getPrivateKeyAttr,privateKeyIdx,"keyContainerName")) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( pfx.GetSafeBagAttr(getPrivateKeyAttr,privateKeyIdx,"storageProvider")) & "</pre>"

' Get the localKeyId attribute for the 1st certificate.
getPrivateKeyAttr = 0
Response.Write "<pre>" & Server.HTMLEncode( "---- cert safebag attributes ----") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( pfx.GetSafeBagAttr(getPrivateKeyAttr,0,"localKeyId")) & "</pre>"

%>
</body>
</html>